2 * NET4: Implementation of BSD Unix domain sockets.
4 * Authors: Alan Cox, <alan@lxorguk.ukuu.org.uk>
6 * This program is free software; you can redistribute it and/or
7 * modify it under the terms of the GNU General Public License
8 * as published by the Free Software Foundation; either version
9 * 2 of the License, or (at your option) any later version.
12 * Linus Torvalds : Assorted bug cures.
13 * Niibe Yutaka : async I/O support.
14 * Carsten Paeth : PF_UNIX check, address fixes.
15 * Alan Cox : Limit size of allocated blocks.
16 * Alan Cox : Fixed the stupid socketpair bug.
17 * Alan Cox : BSD compatibility fine tuning.
18 * Alan Cox : Fixed a bug in connect when interrupted.
19 * Alan Cox : Sorted out a proper draft version of
20 * file descriptor passing hacked up from
22 * Marty Leisner : Fixes to fd passing
23 * Nick Nevin : recvmsg bugfix.
24 * Alan Cox : Started proper garbage collector
25 * Heiko EiBfeldt : Missing verify_area check
26 * Alan Cox : Started POSIXisms
27 * Andreas Schwab : Replace inode by dentry for proper
29 * Kirk Petersen : Made this a module
30 * Christoph Rohland : Elegant non-blocking accept/connect algorithm.
32 * Alexey Kuznetosv : Repaired (I hope) bugs introduces
33 * by above two patches.
34 * Andrea Arcangeli : If possible we block in connect(2)
35 * if the max backlog of the listen socket
36 * is been reached. This won't break
37 * old apps and it will avoid huge amount
38 * of socks hashed (this for unix_gc()
39 * performances reasons).
40 * Security fix that limits the max
41 * number of socks to 2*max_files and
42 * the number of skb queueable in the
44 * Artur Skawina : Hash function optimizations
45 * Alexey Kuznetsov : Full scale SMP. Lot of bugs are introduced 8)
46 * Malcolm Beattie : Set peercred for socketpair
47 * Michal Ostrowski : Module initialization cleanup.
48 * Arnaldo C. Melo : Remove MOD_{INC,DEC}_USE_COUNT,
49 * the core infrastructure is doing that
50 * for all net proto families now (2.5.69+)
53 * Known differences from reference BSD that was tested:
56 * ECONNREFUSED is not returned from one end of a connected() socket to the
57 * other the moment one end closes.
58 * fstat() doesn't return st_dev=0, and give the blksize as high water mark
59 * and a fake inode identifier (nor the BSD first socket fstat twice bug).
61 * accept() returns a path name even if the connecting socket has closed
62 * in the meantime (BSD loses the path and gives up).
63 * accept() returns 0 length path for an unbound connector. BSD returns 16
64 * and a null first byte in the path (but not for gethost/peername - BSD bug ??)
65 * socketpair(...SOCK_RAW..) doesn't panic the kernel.
66 * BSD af_unix apparently has connect forgetting to block properly.
67 * (need to check this with the POSIX spec in detail)
69 * Differences from 2.0.0-11-... (ANK)
70 * Bug fixes and improvements.
71 * - client shutdown killed server socket.
72 * - removed all useless cli/sti pairs.
74 * Semantic changes/extensions.
75 * - generic control message passing.
76 * - SCM_CREDENTIALS control message.
77 * - "Abstract" (not FS based) socket bindings.
78 * Abstract names are sequences of bytes (not zero terminated)
79 * started by 0, so that this name space does not intersect
83 #include <linux/module.h>
84 #include <linux/kernel.h>
85 #include <linux/signal.h>
86 #include <linux/sched.h>
87 #include <linux/errno.h>
88 #include <linux/string.h>
89 #include <linux/stat.h>
90 #include <linux/dcache.h>
91 #include <linux/namei.h>
92 #include <linux/socket.h>
94 #include <linux/fcntl.h>
95 #include <linux/termios.h>
96 #include <linux/sockios.h>
97 #include <linux/net.h>
100 #include <linux/slab.h>
101 #include <asm/uaccess.h>
102 #include <linux/skbuff.h>
103 #include <linux/netdevice.h>
104 #include <net/net_namespace.h>
105 #include <net/sock.h>
106 #include <net/tcp_states.h>
107 #include <net/af_unix.h>
108 #include <linux/proc_fs.h>
109 #include <linux/seq_file.h>
111 #include <linux/init.h>
112 #include <linux/poll.h>
113 #include <linux/rtnetlink.h>
114 #include <linux/mount.h>
115 #include <net/checksum.h>
116 #include <linux/security.h>
118 struct hlist_head unix_socket_table
[2 * UNIX_HASH_SIZE
];
119 EXPORT_SYMBOL_GPL(unix_socket_table
);
120 DEFINE_SPINLOCK(unix_table_lock
);
121 EXPORT_SYMBOL_GPL(unix_table_lock
);
122 static atomic_long_t unix_nr_socks
;
125 static struct hlist_head
*unix_sockets_unbound(void *addr
)
127 unsigned long hash
= (unsigned long)addr
;
131 hash
%= UNIX_HASH_SIZE
;
132 return &unix_socket_table
[UNIX_HASH_SIZE
+ hash
];
135 #define UNIX_ABSTRACT(sk) (unix_sk(sk)->addr->hash < UNIX_HASH_SIZE)
137 #ifdef CONFIG_SECURITY_NETWORK
138 static void unix_get_secdata(struct scm_cookie
*scm
, struct sk_buff
*skb
)
140 memcpy(UNIXSID(skb
), &scm
->secid
, sizeof(u32
));
143 static inline void unix_set_secdata(struct scm_cookie
*scm
, struct sk_buff
*skb
)
145 scm
->secid
= *UNIXSID(skb
);
148 static inline void unix_get_secdata(struct scm_cookie
*scm
, struct sk_buff
*skb
)
151 static inline void unix_set_secdata(struct scm_cookie
*scm
, struct sk_buff
*skb
)
153 #endif /* CONFIG_SECURITY_NETWORK */
156 * SMP locking strategy:
157 * hash table is protected with spinlock unix_table_lock
158 * each socket state is protected by separate spin lock.
161 static inline unsigned int unix_hash_fold(__wsum n
)
163 unsigned int hash
= (__force
unsigned int)csum_fold(n
);
166 return hash
&(UNIX_HASH_SIZE
-1);
169 #define unix_peer(sk) (unix_sk(sk)->peer)
171 static inline int unix_our_peer(struct sock
*sk
, struct sock
*osk
)
173 return unix_peer(osk
) == sk
;
176 static inline int unix_may_send(struct sock
*sk
, struct sock
*osk
)
178 return unix_peer(osk
) == NULL
|| unix_our_peer(sk
, osk
);
181 static inline int unix_recvq_full(struct sock
const *sk
)
183 return skb_queue_len(&sk
->sk_receive_queue
) > sk
->sk_max_ack_backlog
;
186 struct sock
*unix_peer_get(struct sock
*s
)
194 unix_state_unlock(s
);
197 EXPORT_SYMBOL_GPL(unix_peer_get
);
199 static inline void unix_release_addr(struct unix_address
*addr
)
201 if (atomic_dec_and_test(&addr
->refcnt
))
206 * Check unix socket name:
207 * - should be not zero length.
208 * - if started by not zero, should be NULL terminated (FS object)
209 * - if started by zero, it is abstract name.
212 static int unix_mkname(struct sockaddr_un
*sunaddr
, int len
, unsigned int *hashp
)
214 if (len
<= sizeof(short) || len
> sizeof(*sunaddr
))
216 if (!sunaddr
|| sunaddr
->sun_family
!= AF_UNIX
)
218 if (sunaddr
->sun_path
[0]) {
220 * This may look like an off by one error but it is a bit more
221 * subtle. 108 is the longest valid AF_UNIX path for a binding.
222 * sun_path[108] doesn't as such exist. However in kernel space
223 * we are guaranteed that it is a valid memory location in our
224 * kernel address buffer.
226 ((char *)sunaddr
)[len
] = 0;
227 len
= strlen(sunaddr
->sun_path
)+1+sizeof(short);
231 *hashp
= unix_hash_fold(csum_partial(sunaddr
, len
, 0));
235 static void __unix_remove_socket(struct sock
*sk
)
237 sk_del_node_init(sk
);
240 static void __unix_insert_socket(struct hlist_head
*list
, struct sock
*sk
)
242 WARN_ON(!sk_unhashed(sk
));
243 sk_add_node(sk
, list
);
246 static inline void unix_remove_socket(struct sock
*sk
)
248 spin_lock(&unix_table_lock
);
249 __unix_remove_socket(sk
);
250 spin_unlock(&unix_table_lock
);
253 static inline void unix_insert_socket(struct hlist_head
*list
, struct sock
*sk
)
255 spin_lock(&unix_table_lock
);
256 __unix_insert_socket(list
, sk
);
257 spin_unlock(&unix_table_lock
);
260 static struct sock
*__unix_find_socket_byname(struct net
*net
,
261 struct sockaddr_un
*sunname
,
262 int len
, int type
, unsigned int hash
)
266 sk_for_each(s
, &unix_socket_table
[hash
^ type
]) {
267 struct unix_sock
*u
= unix_sk(s
);
269 if (!net_eq(sock_net(s
), net
))
272 if (u
->addr
->len
== len
&&
273 !memcmp(u
->addr
->name
, sunname
, len
))
281 static inline struct sock
*unix_find_socket_byname(struct net
*net
,
282 struct sockaddr_un
*sunname
,
288 spin_lock(&unix_table_lock
);
289 s
= __unix_find_socket_byname(net
, sunname
, len
, type
, hash
);
292 spin_unlock(&unix_table_lock
);
296 static struct sock
*unix_find_socket_byinode(struct inode
*i
)
300 spin_lock(&unix_table_lock
);
302 &unix_socket_table
[i
->i_ino
& (UNIX_HASH_SIZE
- 1)]) {
303 struct dentry
*dentry
= unix_sk(s
)->path
.dentry
;
305 if (dentry
&& dentry
->d_inode
== i
) {
312 spin_unlock(&unix_table_lock
);
316 /* Support code for asymmetrically connected dgram sockets
318 * If a datagram socket is connected to a socket not itself connected
319 * to the first socket (eg, /dev/log), clients may only enqueue more
320 * messages if the present receive queue of the server socket is not
321 * "too large". This means there's a second writeability condition
322 * poll and sendmsg need to test. The dgram recv code will do a wake
323 * up on the peer_wait wait queue of a socket upon reception of a
324 * datagram which needs to be propagated to sleeping would-be writers
325 * since these might not have sent anything so far. This can't be
326 * accomplished via poll_wait because the lifetime of the server
327 * socket might be less than that of its clients if these break their
328 * association with it or if the server socket is closed while clients
329 * are still connected to it and there's no way to inform "a polling
330 * implementation" that it should let go of a certain wait queue
332 * In order to propagate a wake up, a wait_queue_t of the client
333 * socket is enqueued on the peer_wait queue of the server socket
334 * whose wake function does a wake_up on the ordinary client socket
335 * wait queue. This connection is established whenever a write (or
336 * poll for write) hit the flow control condition and broken when the
337 * association to the server socket is dissolved or after a wake up
341 static int unix_dgram_peer_wake_relay(wait_queue_t
*q
, unsigned mode
, int flags
,
345 wait_queue_head_t
*u_sleep
;
347 u
= container_of(q
, struct unix_sock
, peer_wake
);
349 __remove_wait_queue(&unix_sk(u
->peer_wake
.private)->peer_wait
,
351 u
->peer_wake
.private = NULL
;
353 /* relaying can only happen while the wq still exists */
354 u_sleep
= sk_sleep(&u
->sk
);
356 wake_up_interruptible_poll(u_sleep
, key
);
361 static int unix_dgram_peer_wake_connect(struct sock
*sk
, struct sock
*other
)
363 struct unix_sock
*u
, *u_other
;
367 u_other
= unix_sk(other
);
369 spin_lock(&u_other
->peer_wait
.lock
);
371 if (!u
->peer_wake
.private) {
372 u
->peer_wake
.private = other
;
373 __add_wait_queue(&u_other
->peer_wait
, &u
->peer_wake
);
378 spin_unlock(&u_other
->peer_wait
.lock
);
382 static void unix_dgram_peer_wake_disconnect(struct sock
*sk
,
385 struct unix_sock
*u
, *u_other
;
388 u_other
= unix_sk(other
);
389 spin_lock(&u_other
->peer_wait
.lock
);
391 if (u
->peer_wake
.private == other
) {
392 __remove_wait_queue(&u_other
->peer_wait
, &u
->peer_wake
);
393 u
->peer_wake
.private = NULL
;
396 spin_unlock(&u_other
->peer_wait
.lock
);
399 static void unix_dgram_peer_wake_disconnect_wakeup(struct sock
*sk
,
402 unix_dgram_peer_wake_disconnect(sk
, other
);
403 wake_up_interruptible_poll(sk_sleep(sk
),
410 * - unix_peer(sk) == other
411 * - association is stable
413 static int unix_dgram_peer_wake_me(struct sock
*sk
, struct sock
*other
)
417 connected
= unix_dgram_peer_wake_connect(sk
, other
);
419 if (unix_recvq_full(other
))
423 unix_dgram_peer_wake_disconnect(sk
, other
);
428 static inline int unix_writable(struct sock
*sk
)
430 return (atomic_read(&sk
->sk_wmem_alloc
) << 2) <= sk
->sk_sndbuf
;
433 static void unix_write_space(struct sock
*sk
)
435 struct socket_wq
*wq
;
438 if (unix_writable(sk
)) {
439 wq
= rcu_dereference(sk
->sk_wq
);
440 if (wq_has_sleeper(wq
))
441 wake_up_interruptible_sync_poll(&wq
->wait
,
442 POLLOUT
| POLLWRNORM
| POLLWRBAND
);
443 sk_wake_async(sk
, SOCK_WAKE_SPACE
, POLL_OUT
);
448 /* When dgram socket disconnects (or changes its peer), we clear its receive
449 * queue of packets arrived from previous peer. First, it allows to do
450 * flow control based only on wmem_alloc; second, sk connected to peer
451 * may receive messages only from that peer. */
452 static void unix_dgram_disconnected(struct sock
*sk
, struct sock
*other
)
454 if (!skb_queue_empty(&sk
->sk_receive_queue
)) {
455 skb_queue_purge(&sk
->sk_receive_queue
);
456 wake_up_interruptible_all(&unix_sk(sk
)->peer_wait
);
458 /* If one link of bidirectional dgram pipe is disconnected,
459 * we signal error. Messages are lost. Do not make this,
460 * when peer was not connected to us.
462 if (!sock_flag(other
, SOCK_DEAD
) && unix_peer(other
) == sk
) {
463 other
->sk_err
= ECONNRESET
;
464 other
->sk_error_report(other
);
469 static void unix_sock_destructor(struct sock
*sk
)
471 struct unix_sock
*u
= unix_sk(sk
);
473 skb_queue_purge(&sk
->sk_receive_queue
);
475 WARN_ON(atomic_read(&sk
->sk_wmem_alloc
));
476 WARN_ON(!sk_unhashed(sk
));
477 WARN_ON(sk
->sk_socket
);
478 if (!sock_flag(sk
, SOCK_DEAD
)) {
479 printk(KERN_INFO
"Attempt to release alive unix socket: %p\n", sk
);
484 unix_release_addr(u
->addr
);
486 atomic_long_dec(&unix_nr_socks
);
488 sock_prot_inuse_add(sock_net(sk
), sk
->sk_prot
, -1);
490 #ifdef UNIX_REFCNT_DEBUG
491 printk(KERN_DEBUG
"UNIX %p is destroyed, %ld are still alive.\n", sk
,
492 atomic_long_read(&unix_nr_socks
));
496 static void unix_release_sock(struct sock
*sk
, int embrion
)
498 struct unix_sock
*u
= unix_sk(sk
);
504 unix_remove_socket(sk
);
509 sk
->sk_shutdown
= SHUTDOWN_MASK
;
511 u
->path
.dentry
= NULL
;
513 state
= sk
->sk_state
;
514 sk
->sk_state
= TCP_CLOSE
;
515 unix_state_unlock(sk
);
517 wake_up_interruptible_all(&u
->peer_wait
);
519 skpair
= unix_peer(sk
);
521 if (skpair
!= NULL
) {
522 if (sk
->sk_type
== SOCK_STREAM
|| sk
->sk_type
== SOCK_SEQPACKET
) {
523 unix_state_lock(skpair
);
525 skpair
->sk_shutdown
= SHUTDOWN_MASK
;
526 if (!skb_queue_empty(&sk
->sk_receive_queue
) || embrion
)
527 skpair
->sk_err
= ECONNRESET
;
528 unix_state_unlock(skpair
);
529 skpair
->sk_state_change(skpair
);
530 sk_wake_async(skpair
, SOCK_WAKE_WAITD
, POLL_HUP
);
533 unix_dgram_peer_wake_disconnect(sk
, skpair
);
534 sock_put(skpair
); /* It may now die */
535 unix_peer(sk
) = NULL
;
538 /* Try to flush out this socket. Throw out buffers at least */
540 while ((skb
= skb_dequeue(&sk
->sk_receive_queue
)) != NULL
) {
541 if (state
== TCP_LISTEN
)
542 unix_release_sock(skb
->sk
, 1);
543 /* passed fds are erased in the kfree_skb hook */
552 /* ---- Socket is dead now and most probably destroyed ---- */
555 * Fixme: BSD difference: In BSD all sockets connected to us get
556 * ECONNRESET and we die on the spot. In Linux we behave
557 * like files and pipes do and wait for the last
560 * Can't we simply set sock->err?
562 * What the above comment does talk about? --ANK(980817)
565 if (unix_tot_inflight
)
566 unix_gc(); /* Garbage collect fds */
569 static void init_peercred(struct sock
*sk
)
571 put_pid(sk
->sk_peer_pid
);
572 if (sk
->sk_peer_cred
)
573 put_cred(sk
->sk_peer_cred
);
574 sk
->sk_peer_pid
= get_pid(task_tgid(current
));
575 sk
->sk_peer_cred
= get_current_cred();
578 static void copy_peercred(struct sock
*sk
, struct sock
*peersk
)
580 put_pid(sk
->sk_peer_pid
);
581 if (sk
->sk_peer_cred
)
582 put_cred(sk
->sk_peer_cred
);
583 sk
->sk_peer_pid
= get_pid(peersk
->sk_peer_pid
);
584 sk
->sk_peer_cred
= get_cred(peersk
->sk_peer_cred
);
587 static int unix_listen(struct socket
*sock
, int backlog
)
590 struct sock
*sk
= sock
->sk
;
591 struct unix_sock
*u
= unix_sk(sk
);
592 struct pid
*old_pid
= NULL
;
595 if (sock
->type
!= SOCK_STREAM
&& sock
->type
!= SOCK_SEQPACKET
)
596 goto out
; /* Only stream/seqpacket sockets accept */
599 goto out
; /* No listens on an unbound socket */
601 if (sk
->sk_state
!= TCP_CLOSE
&& sk
->sk_state
!= TCP_LISTEN
)
603 if (backlog
> sk
->sk_max_ack_backlog
)
604 wake_up_interruptible_all(&u
->peer_wait
);
605 sk
->sk_max_ack_backlog
= backlog
;
606 sk
->sk_state
= TCP_LISTEN
;
607 /* set credentials so connect can copy them */
612 unix_state_unlock(sk
);
618 static int unix_release(struct socket
*);
619 static int unix_bind(struct socket
*, struct sockaddr
*, int);
620 static int unix_stream_connect(struct socket
*, struct sockaddr
*,
621 int addr_len
, int flags
);
622 static int unix_socketpair(struct socket
*, struct socket
*);
623 static int unix_accept(struct socket
*, struct socket
*, int);
624 static int unix_getname(struct socket
*, struct sockaddr
*, int *, int);
625 static unsigned int unix_poll(struct file
*, struct socket
*, poll_table
*);
626 static unsigned int unix_dgram_poll(struct file
*, struct socket
*,
628 static int unix_ioctl(struct socket
*, unsigned int, unsigned long);
629 static int unix_shutdown(struct socket
*, int);
630 static int unix_stream_sendmsg(struct kiocb
*, struct socket
*,
631 struct msghdr
*, size_t);
632 static int unix_stream_recvmsg(struct kiocb
*, struct socket
*,
633 struct msghdr
*, size_t, int);
634 static int unix_dgram_sendmsg(struct kiocb
*, struct socket
*,
635 struct msghdr
*, size_t);
636 static int unix_dgram_recvmsg(struct kiocb
*, struct socket
*,
637 struct msghdr
*, size_t, int);
638 static int unix_dgram_connect(struct socket
*, struct sockaddr
*,
640 static int unix_seqpacket_sendmsg(struct kiocb
*, struct socket
*,
641 struct msghdr
*, size_t);
642 static int unix_seqpacket_recvmsg(struct kiocb
*, struct socket
*,
643 struct msghdr
*, size_t, int);
645 static int unix_set_peek_off(struct sock
*sk
, int val
)
647 struct unix_sock
*u
= unix_sk(sk
);
649 if (mutex_lock_interruptible(&u
->readlock
))
652 sk
->sk_peek_off
= val
;
653 mutex_unlock(&u
->readlock
);
659 static const struct proto_ops unix_stream_ops
= {
661 .owner
= THIS_MODULE
,
662 .release
= unix_release
,
664 .connect
= unix_stream_connect
,
665 .socketpair
= unix_socketpair
,
666 .accept
= unix_accept
,
667 .getname
= unix_getname
,
670 .listen
= unix_listen
,
671 .shutdown
= unix_shutdown
,
672 .setsockopt
= sock_no_setsockopt
,
673 .getsockopt
= sock_no_getsockopt
,
674 .sendmsg
= unix_stream_sendmsg
,
675 .recvmsg
= unix_stream_recvmsg
,
676 .mmap
= sock_no_mmap
,
677 .sendpage
= sock_no_sendpage
,
678 .set_peek_off
= unix_set_peek_off
,
681 static const struct proto_ops unix_dgram_ops
= {
683 .owner
= THIS_MODULE
,
684 .release
= unix_release
,
686 .connect
= unix_dgram_connect
,
687 .socketpair
= unix_socketpair
,
688 .accept
= sock_no_accept
,
689 .getname
= unix_getname
,
690 .poll
= unix_dgram_poll
,
692 .listen
= sock_no_listen
,
693 .shutdown
= unix_shutdown
,
694 .setsockopt
= sock_no_setsockopt
,
695 .getsockopt
= sock_no_getsockopt
,
696 .sendmsg
= unix_dgram_sendmsg
,
697 .recvmsg
= unix_dgram_recvmsg
,
698 .mmap
= sock_no_mmap
,
699 .sendpage
= sock_no_sendpage
,
700 .set_peek_off
= unix_set_peek_off
,
703 static const struct proto_ops unix_seqpacket_ops
= {
705 .owner
= THIS_MODULE
,
706 .release
= unix_release
,
708 .connect
= unix_stream_connect
,
709 .socketpair
= unix_socketpair
,
710 .accept
= unix_accept
,
711 .getname
= unix_getname
,
712 .poll
= unix_dgram_poll
,
714 .listen
= unix_listen
,
715 .shutdown
= unix_shutdown
,
716 .setsockopt
= sock_no_setsockopt
,
717 .getsockopt
= sock_no_getsockopt
,
718 .sendmsg
= unix_seqpacket_sendmsg
,
719 .recvmsg
= unix_seqpacket_recvmsg
,
720 .mmap
= sock_no_mmap
,
721 .sendpage
= sock_no_sendpage
,
722 .set_peek_off
= unix_set_peek_off
,
725 static struct proto unix_proto
= {
727 .owner
= THIS_MODULE
,
728 .obj_size
= sizeof(struct unix_sock
),
732 * AF_UNIX sockets do not interact with hardware, hence they
733 * dont trigger interrupts - so it's safe for them to have
734 * bh-unsafe locking for their sk_receive_queue.lock. Split off
735 * this special lock-class by reinitializing the spinlock key:
737 static struct lock_class_key af_unix_sk_receive_queue_lock_key
;
739 static struct sock
*unix_create1(struct net
*net
, struct socket
*sock
)
741 struct sock
*sk
= NULL
;
744 atomic_long_inc(&unix_nr_socks
);
745 if (atomic_long_read(&unix_nr_socks
) > 2 * get_max_files())
748 sk
= sk_alloc(net
, PF_UNIX
, GFP_KERNEL
, &unix_proto
);
752 sock_init_data(sock
, sk
);
753 lockdep_set_class(&sk
->sk_receive_queue
.lock
,
754 &af_unix_sk_receive_queue_lock_key
);
756 sk
->sk_write_space
= unix_write_space
;
757 sk
->sk_max_ack_backlog
= net
->unx
.sysctl_max_dgram_qlen
;
758 sk
->sk_destruct
= unix_sock_destructor
;
760 u
->path
.dentry
= NULL
;
762 spin_lock_init(&u
->lock
);
763 atomic_long_set(&u
->inflight
, 0);
764 INIT_LIST_HEAD(&u
->link
);
765 mutex_init(&u
->readlock
); /* single task reading lock */
766 init_waitqueue_head(&u
->peer_wait
);
767 init_waitqueue_func_entry(&u
->peer_wake
, unix_dgram_peer_wake_relay
);
768 unix_insert_socket(unix_sockets_unbound(sk
), sk
);
771 atomic_long_dec(&unix_nr_socks
);
774 sock_prot_inuse_add(sock_net(sk
), sk
->sk_prot
, 1);
780 static int unix_create(struct net
*net
, struct socket
*sock
, int protocol
,
783 if (protocol
&& protocol
!= PF_UNIX
)
784 return -EPROTONOSUPPORT
;
786 sock
->state
= SS_UNCONNECTED
;
788 switch (sock
->type
) {
790 sock
->ops
= &unix_stream_ops
;
793 * Believe it or not BSD has AF_UNIX, SOCK_RAW though
797 sock
->type
= SOCK_DGRAM
;
799 sock
->ops
= &unix_dgram_ops
;
802 sock
->ops
= &unix_seqpacket_ops
;
805 return -ESOCKTNOSUPPORT
;
808 return unix_create1(net
, sock
) ? 0 : -ENOMEM
;
811 static int unix_release(struct socket
*sock
)
813 struct sock
*sk
= sock
->sk
;
818 unix_release_sock(sk
, 0);
824 static int unix_autobind(struct socket
*sock
)
826 struct sock
*sk
= sock
->sk
;
827 struct net
*net
= sock_net(sk
);
828 struct unix_sock
*u
= unix_sk(sk
);
829 static u32 ordernum
= 1;
830 struct unix_address
*addr
;
832 unsigned int retries
= 0;
834 err
= mutex_lock_interruptible(&u
->readlock
);
843 addr
= kzalloc(sizeof(*addr
) + sizeof(short) + 16, GFP_KERNEL
);
847 addr
->name
->sun_family
= AF_UNIX
;
848 atomic_set(&addr
->refcnt
, 1);
851 addr
->len
= sprintf(addr
->name
->sun_path
+1, "%05x", ordernum
) + 1 + sizeof(short);
852 addr
->hash
= unix_hash_fold(csum_partial(addr
->name
, addr
->len
, 0));
854 spin_lock(&unix_table_lock
);
855 ordernum
= (ordernum
+1)&0xFFFFF;
857 if (__unix_find_socket_byname(net
, addr
->name
, addr
->len
, sock
->type
,
859 spin_unlock(&unix_table_lock
);
861 * __unix_find_socket_byname() may take long time if many names
862 * are already in use.
865 /* Give up if all names seems to be in use. */
866 if (retries
++ == 0xFFFFF) {
873 addr
->hash
^= sk
->sk_type
;
875 __unix_remove_socket(sk
);
877 __unix_insert_socket(&unix_socket_table
[addr
->hash
], sk
);
878 spin_unlock(&unix_table_lock
);
881 out
: mutex_unlock(&u
->readlock
);
885 static struct sock
*unix_find_other(struct net
*net
,
886 struct sockaddr_un
*sunname
, int len
,
887 int type
, unsigned int hash
, int *error
)
893 if (sunname
->sun_path
[0]) {
895 err
= kern_path(sunname
->sun_path
, LOOKUP_FOLLOW
, &path
);
898 inode
= path
.dentry
->d_inode
;
899 err
= inode_permission(inode
, MAY_WRITE
);
904 if (!S_ISSOCK(inode
->i_mode
))
906 u
= unix_find_socket_byinode(inode
);
910 if (u
->sk_type
== type
)
916 if (u
->sk_type
!= type
) {
922 u
= unix_find_socket_byname(net
, sunname
, len
, type
, hash
);
924 struct dentry
*dentry
;
925 dentry
= unix_sk(u
)->path
.dentry
;
927 touch_atime(&unix_sk(u
)->path
);
940 static int unix_mknod(const char *sun_path
, umode_t mode
, struct path
*res
)
942 struct dentry
*dentry
;
946 * Get the parent directory, calculate the hash for last
949 dentry
= kern_path_create(AT_FDCWD
, sun_path
, &path
, 0);
950 err
= PTR_ERR(dentry
);
955 * All right, let's create it.
957 err
= security_path_mknod(&path
, dentry
, mode
, 0);
959 err
= vfs_mknod(path
.dentry
->d_inode
, dentry
, mode
, 0);
961 res
->mnt
= mntget(path
.mnt
);
962 res
->dentry
= dget(dentry
);
965 done_path_create(&path
, dentry
);
969 static int unix_bind(struct socket
*sock
, struct sockaddr
*uaddr
, int addr_len
)
971 struct sock
*sk
= sock
->sk
;
972 struct net
*net
= sock_net(sk
);
973 struct unix_sock
*u
= unix_sk(sk
);
974 struct sockaddr_un
*sunaddr
= (struct sockaddr_un
*)uaddr
;
975 char *sun_path
= sunaddr
->sun_path
;
978 struct unix_address
*addr
;
979 struct hlist_head
*list
;
982 if (sunaddr
->sun_family
!= AF_UNIX
)
985 if (addr_len
== sizeof(short)) {
986 err
= unix_autobind(sock
);
990 err
= unix_mkname(sunaddr
, addr_len
, &hash
);
995 err
= mutex_lock_interruptible(&u
->readlock
);
1004 addr
= kmalloc(sizeof(*addr
)+addr_len
, GFP_KERNEL
);
1008 memcpy(addr
->name
, sunaddr
, addr_len
);
1009 addr
->len
= addr_len
;
1010 addr
->hash
= hash
^ sk
->sk_type
;
1011 atomic_set(&addr
->refcnt
, 1);
1015 umode_t mode
= S_IFSOCK
|
1016 (SOCK_INODE(sock
)->i_mode
& ~current_umask());
1017 err
= unix_mknod(sun_path
, mode
, &path
);
1021 unix_release_addr(addr
);
1024 addr
->hash
= UNIX_HASH_SIZE
;
1025 hash
= path
.dentry
->d_inode
->i_ino
& (UNIX_HASH_SIZE
-1);
1026 spin_lock(&unix_table_lock
);
1028 list
= &unix_socket_table
[hash
];
1030 spin_lock(&unix_table_lock
);
1032 if (__unix_find_socket_byname(net
, sunaddr
, addr_len
,
1033 sk
->sk_type
, hash
)) {
1034 unix_release_addr(addr
);
1038 list
= &unix_socket_table
[addr
->hash
];
1042 __unix_remove_socket(sk
);
1044 __unix_insert_socket(list
, sk
);
1047 spin_unlock(&unix_table_lock
);
1049 mutex_unlock(&u
->readlock
);
1054 static void unix_state_double_lock(struct sock
*sk1
, struct sock
*sk2
)
1056 if (unlikely(sk1
== sk2
) || !sk2
) {
1057 unix_state_lock(sk1
);
1061 unix_state_lock(sk1
);
1062 unix_state_lock_nested(sk2
);
1064 unix_state_lock(sk2
);
1065 unix_state_lock_nested(sk1
);
1069 static void unix_state_double_unlock(struct sock
*sk1
, struct sock
*sk2
)
1071 if (unlikely(sk1
== sk2
) || !sk2
) {
1072 unix_state_unlock(sk1
);
1075 unix_state_unlock(sk1
);
1076 unix_state_unlock(sk2
);
1079 static int unix_dgram_connect(struct socket
*sock
, struct sockaddr
*addr
,
1080 int alen
, int flags
)
1082 struct sock
*sk
= sock
->sk
;
1083 struct net
*net
= sock_net(sk
);
1084 struct sockaddr_un
*sunaddr
= (struct sockaddr_un
*)addr
;
1089 if (addr
->sa_family
!= AF_UNSPEC
) {
1090 err
= unix_mkname(sunaddr
, alen
, &hash
);
1095 if (test_bit(SOCK_PASSCRED
, &sock
->flags
) &&
1096 !unix_sk(sk
)->addr
&& (err
= unix_autobind(sock
)) != 0)
1100 other
= unix_find_other(net
, sunaddr
, alen
, sock
->type
, hash
, &err
);
1104 unix_state_double_lock(sk
, other
);
1106 /* Apparently VFS overslept socket death. Retry. */
1107 if (sock_flag(other
, SOCK_DEAD
)) {
1108 unix_state_double_unlock(sk
, other
);
1114 if (!unix_may_send(sk
, other
))
1117 err
= security_unix_may_send(sk
->sk_socket
, other
->sk_socket
);
1123 * 1003.1g breaking connected state with AF_UNSPEC
1126 unix_state_double_lock(sk
, other
);
1130 * If it was connected, reconnect.
1132 if (unix_peer(sk
)) {
1133 struct sock
*old_peer
= unix_peer(sk
);
1134 unix_peer(sk
) = other
;
1135 unix_dgram_peer_wake_disconnect_wakeup(sk
, old_peer
);
1137 unix_state_double_unlock(sk
, other
);
1139 if (other
!= old_peer
)
1140 unix_dgram_disconnected(sk
, old_peer
);
1143 unix_peer(sk
) = other
;
1144 unix_state_double_unlock(sk
, other
);
1149 unix_state_double_unlock(sk
, other
);
1155 static long unix_wait_for_peer(struct sock
*other
, long timeo
)
1157 struct unix_sock
*u
= unix_sk(other
);
1161 prepare_to_wait_exclusive(&u
->peer_wait
, &wait
, TASK_INTERRUPTIBLE
);
1163 sched
= !sock_flag(other
, SOCK_DEAD
) &&
1164 !(other
->sk_shutdown
& RCV_SHUTDOWN
) &&
1165 unix_recvq_full(other
);
1167 unix_state_unlock(other
);
1170 timeo
= schedule_timeout(timeo
);
1172 finish_wait(&u
->peer_wait
, &wait
);
1176 static int unix_stream_connect(struct socket
*sock
, struct sockaddr
*uaddr
,
1177 int addr_len
, int flags
)
1179 struct sockaddr_un
*sunaddr
= (struct sockaddr_un
*)uaddr
;
1180 struct sock
*sk
= sock
->sk
;
1181 struct net
*net
= sock_net(sk
);
1182 struct unix_sock
*u
= unix_sk(sk
), *newu
, *otheru
;
1183 struct sock
*newsk
= NULL
;
1184 struct sock
*other
= NULL
;
1185 struct sk_buff
*skb
= NULL
;
1191 err
= unix_mkname(sunaddr
, addr_len
, &hash
);
1196 if (test_bit(SOCK_PASSCRED
, &sock
->flags
) && !u
->addr
&&
1197 (err
= unix_autobind(sock
)) != 0)
1200 timeo
= sock_sndtimeo(sk
, flags
& O_NONBLOCK
);
1202 /* First of all allocate resources.
1203 If we will make it after state is locked,
1204 we will have to recheck all again in any case.
1209 /* create new sock for complete connection */
1210 newsk
= unix_create1(sock_net(sk
), NULL
);
1214 /* Allocate skb for sending to listening sock */
1215 skb
= sock_wmalloc(newsk
, 1, 0, GFP_KERNEL
);
1220 /* Find listening sock. */
1221 other
= unix_find_other(net
, sunaddr
, addr_len
, sk
->sk_type
, hash
, &err
);
1225 /* Latch state of peer */
1226 unix_state_lock(other
);
1228 /* Apparently VFS overslept socket death. Retry. */
1229 if (sock_flag(other
, SOCK_DEAD
)) {
1230 unix_state_unlock(other
);
1235 err
= -ECONNREFUSED
;
1236 if (other
->sk_state
!= TCP_LISTEN
)
1238 if (other
->sk_shutdown
& RCV_SHUTDOWN
)
1241 if (unix_recvq_full(other
)) {
1246 timeo
= unix_wait_for_peer(other
, timeo
);
1248 err
= sock_intr_errno(timeo
);
1249 if (signal_pending(current
))
1257 It is tricky place. We need to grab our state lock and cannot
1258 drop lock on peer. It is dangerous because deadlock is
1259 possible. Connect to self case and simultaneous
1260 attempt to connect are eliminated by checking socket
1261 state. other is TCP_LISTEN, if sk is TCP_LISTEN we
1262 check this before attempt to grab lock.
1264 Well, and we have to recheck the state after socket locked.
1270 /* This is ok... continue with connect */
1272 case TCP_ESTABLISHED
:
1273 /* Socket is already connected */
1281 unix_state_lock_nested(sk
);
1283 if (sk
->sk_state
!= st
) {
1284 unix_state_unlock(sk
);
1285 unix_state_unlock(other
);
1290 err
= security_unix_stream_connect(sk
, other
, newsk
);
1292 unix_state_unlock(sk
);
1296 /* The way is open! Fastly set all the necessary fields... */
1299 unix_peer(newsk
) = sk
;
1300 newsk
->sk_state
= TCP_ESTABLISHED
;
1301 newsk
->sk_type
= sk
->sk_type
;
1302 init_peercred(newsk
);
1303 newu
= unix_sk(newsk
);
1304 RCU_INIT_POINTER(newsk
->sk_wq
, &newu
->peer_wq
);
1305 otheru
= unix_sk(other
);
1307 /* copy address information from listening to new sock*/
1309 atomic_inc(&otheru
->addr
->refcnt
);
1310 newu
->addr
= otheru
->addr
;
1312 if (otheru
->path
.dentry
) {
1313 path_get(&otheru
->path
);
1314 newu
->path
= otheru
->path
;
1317 /* Set credentials */
1318 copy_peercred(sk
, other
);
1320 sock
->state
= SS_CONNECTED
;
1321 sk
->sk_state
= TCP_ESTABLISHED
;
1324 smp_mb__after_atomic_inc(); /* sock_hold() does an atomic_inc() */
1325 unix_peer(sk
) = newsk
;
1327 unix_state_unlock(sk
);
1329 /* take ten and and send info to listening sock */
1330 spin_lock(&other
->sk_receive_queue
.lock
);
1331 __skb_queue_tail(&other
->sk_receive_queue
, skb
);
1332 spin_unlock(&other
->sk_receive_queue
.lock
);
1333 unix_state_unlock(other
);
1334 other
->sk_data_ready(other
, 0);
1340 unix_state_unlock(other
);
1345 unix_release_sock(newsk
, 0);
1351 static int unix_socketpair(struct socket
*socka
, struct socket
*sockb
)
1353 struct sock
*ska
= socka
->sk
, *skb
= sockb
->sk
;
1355 /* Join our sockets back to back */
1358 unix_peer(ska
) = skb
;
1359 unix_peer(skb
) = ska
;
1363 if (ska
->sk_type
!= SOCK_DGRAM
) {
1364 ska
->sk_state
= TCP_ESTABLISHED
;
1365 skb
->sk_state
= TCP_ESTABLISHED
;
1366 socka
->state
= SS_CONNECTED
;
1367 sockb
->state
= SS_CONNECTED
;
1372 static void unix_sock_inherit_flags(const struct socket
*old
,
1375 if (test_bit(SOCK_PASSCRED
, &old
->flags
))
1376 set_bit(SOCK_PASSCRED
, &new->flags
);
1377 if (test_bit(SOCK_PASSSEC
, &old
->flags
))
1378 set_bit(SOCK_PASSSEC
, &new->flags
);
1381 static int unix_accept(struct socket
*sock
, struct socket
*newsock
, int flags
)
1383 struct sock
*sk
= sock
->sk
;
1385 struct sk_buff
*skb
;
1389 if (sock
->type
!= SOCK_STREAM
&& sock
->type
!= SOCK_SEQPACKET
)
1393 if (sk
->sk_state
!= TCP_LISTEN
)
1396 /* If socket state is TCP_LISTEN it cannot change (for now...),
1397 * so that no locks are necessary.
1400 skb
= skb_recv_datagram(sk
, 0, flags
&O_NONBLOCK
, &err
);
1402 /* This means receive shutdown. */
1409 skb_free_datagram(sk
, skb
);
1410 wake_up_interruptible(&unix_sk(sk
)->peer_wait
);
1412 /* attach accepted sock to socket */
1413 unix_state_lock(tsk
);
1414 newsock
->state
= SS_CONNECTED
;
1415 unix_sock_inherit_flags(sock
, newsock
);
1416 sock_graft(tsk
, newsock
);
1417 unix_state_unlock(tsk
);
1425 static int unix_getname(struct socket
*sock
, struct sockaddr
*uaddr
, int *uaddr_len
, int peer
)
1427 struct sock
*sk
= sock
->sk
;
1428 struct unix_sock
*u
;
1429 DECLARE_SOCKADDR(struct sockaddr_un
*, sunaddr
, uaddr
);
1433 sk
= unix_peer_get(sk
);
1444 unix_state_lock(sk
);
1446 sunaddr
->sun_family
= AF_UNIX
;
1447 sunaddr
->sun_path
[0] = 0;
1448 *uaddr_len
= sizeof(short);
1450 struct unix_address
*addr
= u
->addr
;
1452 *uaddr_len
= addr
->len
;
1453 memcpy(sunaddr
, addr
->name
, *uaddr_len
);
1455 unix_state_unlock(sk
);
1461 static void unix_detach_fds(struct scm_cookie
*scm
, struct sk_buff
*skb
)
1465 scm
->fp
= UNIXCB(skb
).fp
;
1466 UNIXCB(skb
).fp
= NULL
;
1468 for (i
= scm
->fp
->count
-1; i
>= 0; i
--)
1469 unix_notinflight(scm
->fp
->fp
[i
]);
1472 static void unix_destruct_scm(struct sk_buff
*skb
)
1474 struct scm_cookie scm
;
1475 memset(&scm
, 0, sizeof(scm
));
1476 scm
.pid
= UNIXCB(skb
).pid
;
1478 unix_detach_fds(&scm
, skb
);
1480 /* Alas, it calls VFS */
1481 /* So fscking what? fput() had been SMP-safe since the last Summer */
1486 #define MAX_RECURSION_LEVEL 4
1488 static int unix_attach_fds(struct scm_cookie
*scm
, struct sk_buff
*skb
)
1491 unsigned char max_level
= 0;
1492 int unix_sock_count
= 0;
1494 for (i
= scm
->fp
->count
- 1; i
>= 0; i
--) {
1495 struct sock
*sk
= unix_get_socket(scm
->fp
->fp
[i
]);
1499 max_level
= max(max_level
,
1500 unix_sk(sk
)->recursion_level
);
1503 if (unlikely(max_level
> MAX_RECURSION_LEVEL
))
1504 return -ETOOMANYREFS
;
1507 * Need to duplicate file references for the sake of garbage
1508 * collection. Otherwise a socket in the fps might become a
1509 * candidate for GC while the skb is not yet queued.
1511 UNIXCB(skb
).fp
= scm_fp_dup(scm
->fp
);
1512 if (!UNIXCB(skb
).fp
)
1515 if (unix_sock_count
) {
1516 for (i
= scm
->fp
->count
- 1; i
>= 0; i
--)
1517 unix_inflight(scm
->fp
->fp
[i
]);
1522 static int unix_scm_to_skb(struct scm_cookie
*scm
, struct sk_buff
*skb
, bool send_fds
)
1526 UNIXCB(skb
).pid
= get_pid(scm
->pid
);
1527 UNIXCB(skb
).uid
= scm
->creds
.uid
;
1528 UNIXCB(skb
).gid
= scm
->creds
.gid
;
1529 UNIXCB(skb
).fp
= NULL
;
1530 if (scm
->fp
&& send_fds
)
1531 err
= unix_attach_fds(scm
, skb
);
1533 skb
->destructor
= unix_destruct_scm
;
1538 * Some apps rely on write() giving SCM_CREDENTIALS
1539 * We include credentials if source or destination socket
1540 * asserted SOCK_PASSCRED.
1542 static void maybe_add_creds(struct sk_buff
*skb
, const struct socket
*sock
,
1543 const struct sock
*other
)
1545 if (UNIXCB(skb
).pid
)
1547 if (test_bit(SOCK_PASSCRED
, &sock
->flags
) ||
1548 !other
->sk_socket
||
1549 test_bit(SOCK_PASSCRED
, &other
->sk_socket
->flags
)) {
1550 UNIXCB(skb
).pid
= get_pid(task_tgid(current
));
1551 current_uid_gid(&UNIXCB(skb
).uid
, &UNIXCB(skb
).gid
);
1556 * Send AF_UNIX data.
1559 static int unix_dgram_sendmsg(struct kiocb
*kiocb
, struct socket
*sock
,
1560 struct msghdr
*msg
, size_t len
)
1562 struct sock_iocb
*siocb
= kiocb_to_siocb(kiocb
);
1563 struct sock
*sk
= sock
->sk
;
1564 struct net
*net
= sock_net(sk
);
1565 struct unix_sock
*u
= unix_sk(sk
);
1566 struct sockaddr_un
*sunaddr
= msg
->msg_name
;
1567 struct sock
*other
= NULL
;
1568 int namelen
= 0; /* fake GCC */
1571 struct sk_buff
*skb
;
1573 struct scm_cookie tmp_scm
;
1578 if (NULL
== siocb
->scm
)
1579 siocb
->scm
= &tmp_scm
;
1581 err
= scm_send(sock
, msg
, siocb
->scm
, false);
1586 if (msg
->msg_flags
&MSG_OOB
)
1589 if (msg
->msg_namelen
) {
1590 err
= unix_mkname(sunaddr
, msg
->msg_namelen
, &hash
);
1597 other
= unix_peer_get(sk
);
1602 if (test_bit(SOCK_PASSCRED
, &sock
->flags
) && !u
->addr
1603 && (err
= unix_autobind(sock
)) != 0)
1607 if (len
> sk
->sk_sndbuf
- 32)
1610 if (len
> SKB_MAX_ALLOC
)
1611 data_len
= min_t(size_t,
1612 len
- SKB_MAX_ALLOC
,
1613 MAX_SKB_FRAGS
* PAGE_SIZE
);
1615 skb
= sock_alloc_send_pskb(sk
, len
- data_len
, data_len
,
1616 msg
->msg_flags
& MSG_DONTWAIT
, &err
);
1620 err
= unix_scm_to_skb(siocb
->scm
, skb
, true);
1623 max_level
= err
+ 1;
1624 unix_get_secdata(siocb
->scm
, skb
);
1626 skb_put(skb
, len
- data_len
);
1627 skb
->data_len
= data_len
;
1629 err
= skb_copy_datagram_from_iovec(skb
, 0, msg
->msg_iov
, 0, len
);
1633 timeo
= sock_sndtimeo(sk
, msg
->msg_flags
& MSG_DONTWAIT
);
1638 if (sunaddr
== NULL
)
1641 other
= unix_find_other(net
, sunaddr
, namelen
, sk
->sk_type
,
1647 if (sk_filter(other
, skb
) < 0) {
1648 /* Toss the packet but do not return any error to the sender */
1654 unix_state_lock(other
);
1657 if (!unix_may_send(sk
, other
))
1660 if (unlikely(sock_flag(other
, SOCK_DEAD
))) {
1662 * Check with 1003.1g - what should
1665 unix_state_unlock(other
);
1669 unix_state_lock(sk
);
1672 if (unix_peer(sk
) == other
) {
1673 unix_peer(sk
) = NULL
;
1674 unix_dgram_peer_wake_disconnect_wakeup(sk
, other
);
1676 unix_state_unlock(sk
);
1678 unix_dgram_disconnected(sk
, other
);
1680 err
= -ECONNREFUSED
;
1682 unix_state_unlock(sk
);
1692 if (other
->sk_shutdown
& RCV_SHUTDOWN
)
1695 if (sk
->sk_type
!= SOCK_SEQPACKET
) {
1696 err
= security_unix_may_send(sk
->sk_socket
, other
->sk_socket
);
1701 if (unlikely(unix_peer(other
) != sk
&& unix_recvq_full(other
))) {
1703 timeo
= unix_wait_for_peer(other
, timeo
);
1705 err
= sock_intr_errno(timeo
);
1706 if (signal_pending(current
))
1713 unix_state_unlock(other
);
1714 unix_state_double_lock(sk
, other
);
1717 if (unix_peer(sk
) != other
||
1718 unix_dgram_peer_wake_me(sk
, other
)) {
1726 goto restart_locked
;
1730 if (unlikely(sk_locked
))
1731 unix_state_unlock(sk
);
1733 if (sock_flag(other
, SOCK_RCVTSTAMP
))
1734 __net_timestamp(skb
);
1735 maybe_add_creds(skb
, sock
, other
);
1736 skb_queue_tail(&other
->sk_receive_queue
, skb
);
1737 if (max_level
> unix_sk(other
)->recursion_level
)
1738 unix_sk(other
)->recursion_level
= max_level
;
1739 unix_state_unlock(other
);
1740 other
->sk_data_ready(other
, len
);
1742 scm_destroy(siocb
->scm
);
1747 unix_state_unlock(sk
);
1748 unix_state_unlock(other
);
1754 scm_destroy(siocb
->scm
);
1759 static int unix_stream_sendmsg(struct kiocb
*kiocb
, struct socket
*sock
,
1760 struct msghdr
*msg
, size_t len
)
1762 struct sock_iocb
*siocb
= kiocb_to_siocb(kiocb
);
1763 struct sock
*sk
= sock
->sk
;
1764 struct sock
*other
= NULL
;
1766 struct sk_buff
*skb
;
1768 struct scm_cookie tmp_scm
;
1769 bool fds_sent
= false;
1772 if (NULL
== siocb
->scm
)
1773 siocb
->scm
= &tmp_scm
;
1775 err
= scm_send(sock
, msg
, siocb
->scm
, false);
1780 if (msg
->msg_flags
&MSG_OOB
)
1783 if (msg
->msg_namelen
) {
1784 err
= sk
->sk_state
== TCP_ESTABLISHED
? -EISCONN
: -EOPNOTSUPP
;
1788 other
= unix_peer(sk
);
1793 if (sk
->sk_shutdown
& SEND_SHUTDOWN
)
1796 while (sent
< len
) {
1798 * Optimisation for the fact that under 0.01% of X
1799 * messages typically need breaking up.
1804 /* Keep two messages in the pipe so it schedules better */
1805 if (size
> ((sk
->sk_sndbuf
>> 1) - 64))
1806 size
= (sk
->sk_sndbuf
>> 1) - 64;
1808 if (size
> SKB_MAX_ALLOC
)
1809 size
= SKB_MAX_ALLOC
;
1815 skb
= sock_alloc_send_skb(sk
, size
, msg
->msg_flags
&MSG_DONTWAIT
,
1822 * If you pass two values to the sock_alloc_send_skb
1823 * it tries to grab the large buffer with GFP_NOFS
1824 * (which can fail easily), and if it fails grab the
1825 * fallback size buffer which is under a page and will
1828 size
= min_t(int, size
, skb_tailroom(skb
));
1831 /* Only send the fds in the first buffer */
1832 err
= unix_scm_to_skb(siocb
->scm
, skb
, !fds_sent
);
1837 max_level
= err
+ 1;
1840 err
= memcpy_fromiovec(skb_put(skb
, size
), msg
->msg_iov
, size
);
1846 unix_state_lock(other
);
1848 if (sock_flag(other
, SOCK_DEAD
) ||
1849 (other
->sk_shutdown
& RCV_SHUTDOWN
))
1852 maybe_add_creds(skb
, sock
, other
);
1853 skb_queue_tail(&other
->sk_receive_queue
, skb
);
1854 if (max_level
> unix_sk(other
)->recursion_level
)
1855 unix_sk(other
)->recursion_level
= max_level
;
1856 unix_state_unlock(other
);
1857 other
->sk_data_ready(other
, size
);
1861 scm_destroy(siocb
->scm
);
1867 unix_state_unlock(other
);
1870 if (sent
== 0 && !(msg
->msg_flags
&MSG_NOSIGNAL
))
1871 send_sig(SIGPIPE
, current
, 0);
1874 scm_destroy(siocb
->scm
);
1876 return sent
? : err
;
1879 static int unix_seqpacket_sendmsg(struct kiocb
*kiocb
, struct socket
*sock
,
1880 struct msghdr
*msg
, size_t len
)
1883 struct sock
*sk
= sock
->sk
;
1885 err
= sock_error(sk
);
1889 if (sk
->sk_state
!= TCP_ESTABLISHED
)
1892 if (msg
->msg_namelen
)
1893 msg
->msg_namelen
= 0;
1895 return unix_dgram_sendmsg(kiocb
, sock
, msg
, len
);
1898 static int unix_seqpacket_recvmsg(struct kiocb
*iocb
, struct socket
*sock
,
1899 struct msghdr
*msg
, size_t size
,
1902 struct sock
*sk
= sock
->sk
;
1904 if (sk
->sk_state
!= TCP_ESTABLISHED
)
1907 return unix_dgram_recvmsg(iocb
, sock
, msg
, size
, flags
);
1910 static void unix_copy_addr(struct msghdr
*msg
, struct sock
*sk
)
1912 struct unix_sock
*u
= unix_sk(sk
);
1915 msg
->msg_namelen
= u
->addr
->len
;
1916 memcpy(msg
->msg_name
, u
->addr
->name
, u
->addr
->len
);
1920 static int unix_dgram_recvmsg(struct kiocb
*iocb
, struct socket
*sock
,
1921 struct msghdr
*msg
, size_t size
,
1924 struct sock_iocb
*siocb
= kiocb_to_siocb(iocb
);
1925 struct scm_cookie tmp_scm
;
1926 struct sock
*sk
= sock
->sk
;
1927 struct unix_sock
*u
= unix_sk(sk
);
1928 int noblock
= flags
& MSG_DONTWAIT
;
1929 struct sk_buff
*skb
;
1937 mutex_lock(&u
->readlock
);
1939 skip
= sk_peek_offset(sk
, flags
);
1941 skb
= __skb_recv_datagram(sk
, flags
, &peeked
, &skip
, &err
);
1943 unix_state_lock(sk
);
1944 /* Signal EOF on disconnected non-blocking SEQPACKET socket. */
1945 if (sk
->sk_type
== SOCK_SEQPACKET
&& err
== -EAGAIN
&&
1946 (sk
->sk_shutdown
& RCV_SHUTDOWN
))
1948 unix_state_unlock(sk
);
1952 wake_up_interruptible_sync_poll(&u
->peer_wait
,
1953 POLLOUT
| POLLWRNORM
| POLLWRBAND
);
1956 unix_copy_addr(msg
, skb
->sk
);
1958 if (size
> skb
->len
- skip
)
1959 size
= skb
->len
- skip
;
1960 else if (size
< skb
->len
- skip
)
1961 msg
->msg_flags
|= MSG_TRUNC
;
1963 err
= skb_copy_datagram_iovec(skb
, skip
, msg
->msg_iov
, size
);
1967 if (sock_flag(sk
, SOCK_RCVTSTAMP
))
1968 __sock_recv_timestamp(msg
, sk
, skb
);
1971 siocb
->scm
= &tmp_scm
;
1972 memset(&tmp_scm
, 0, sizeof(tmp_scm
));
1974 scm_set_cred(siocb
->scm
, UNIXCB(skb
).pid
, UNIXCB(skb
).uid
, UNIXCB(skb
).gid
);
1975 unix_set_secdata(siocb
->scm
, skb
);
1977 if (!(flags
& MSG_PEEK
)) {
1979 unix_detach_fds(siocb
->scm
, skb
);
1981 sk_peek_offset_bwd(sk
, skb
->len
);
1983 /* It is questionable: on PEEK we could:
1984 - do not return fds - good, but too simple 8)
1985 - return fds, and do not return them on read (old strategy,
1987 - clone fds (I chose it for now, it is the most universal
1990 POSIX 1003.1g does not actually define this clearly
1991 at all. POSIX 1003.1g doesn't define a lot of things
1996 sk_peek_offset_fwd(sk
, size
);
1999 siocb
->scm
->fp
= scm_fp_dup(UNIXCB(skb
).fp
);
2001 err
= (flags
& MSG_TRUNC
) ? skb
->len
- skip
: size
;
2003 scm_recv(sock
, msg
, siocb
->scm
, flags
);
2006 skb_free_datagram(sk
, skb
);
2008 mutex_unlock(&u
->readlock
);
2014 * Sleep until more data has arrived. But check for races..
2016 static long unix_stream_data_wait(struct sock
*sk
, long timeo
,
2017 struct sk_buff
*last
)
2021 unix_state_lock(sk
);
2024 prepare_to_wait(sk_sleep(sk
), &wait
, TASK_INTERRUPTIBLE
);
2026 if (skb_peek_tail(&sk
->sk_receive_queue
) != last
||
2028 (sk
->sk_shutdown
& RCV_SHUTDOWN
) ||
2029 signal_pending(current
) ||
2033 set_bit(SOCK_ASYNC_WAITDATA
, &sk
->sk_socket
->flags
);
2034 unix_state_unlock(sk
);
2035 timeo
= schedule_timeout(timeo
);
2036 unix_state_lock(sk
);
2038 if (sock_flag(sk
, SOCK_DEAD
))
2041 clear_bit(SOCK_ASYNC_WAITDATA
, &sk
->sk_socket
->flags
);
2044 finish_wait(sk_sleep(sk
), &wait
);
2045 unix_state_unlock(sk
);
2049 static int unix_stream_recvmsg(struct kiocb
*iocb
, struct socket
*sock
,
2050 struct msghdr
*msg
, size_t size
,
2053 struct sock_iocb
*siocb
= kiocb_to_siocb(iocb
);
2054 struct scm_cookie tmp_scm
;
2055 struct sock
*sk
= sock
->sk
;
2056 struct unix_sock
*u
= unix_sk(sk
);
2057 struct sockaddr_un
*sunaddr
= msg
->msg_name
;
2059 int noblock
= flags
& MSG_DONTWAIT
;
2060 int check_creds
= 0;
2067 if (sk
->sk_state
!= TCP_ESTABLISHED
)
2074 target
= sock_rcvlowat(sk
, flags
&MSG_WAITALL
, size
);
2075 timeo
= sock_rcvtimeo(sk
, noblock
);
2077 /* Lock the socket to prevent queue disordering
2078 * while sleeps in memcpy_tomsg
2082 siocb
->scm
= &tmp_scm
;
2083 memset(&tmp_scm
, 0, sizeof(tmp_scm
));
2086 err
= mutex_lock_interruptible(&u
->readlock
);
2087 if (unlikely(err
)) {
2088 /* recvmsg() in non blocking mode is supposed to return -EAGAIN
2089 * sk_rcvtimeo is not honored by mutex_lock_interruptible()
2091 err
= noblock
? -EAGAIN
: -ERESTARTSYS
;
2097 struct sk_buff
*skb
, *last
;
2099 unix_state_lock(sk
);
2100 if (sock_flag(sk
, SOCK_DEAD
)) {
2104 last
= skb
= skb_peek(&sk
->sk_receive_queue
);
2107 unix_sk(sk
)->recursion_level
= 0;
2108 if (copied
>= target
)
2112 * POSIX 1003.1g mandates this order.
2115 err
= sock_error(sk
);
2118 if (sk
->sk_shutdown
& RCV_SHUTDOWN
)
2121 unix_state_unlock(sk
);
2125 mutex_unlock(&u
->readlock
);
2127 timeo
= unix_stream_data_wait(sk
, timeo
, last
);
2129 if (signal_pending(current
)) {
2130 err
= sock_intr_errno(timeo
);
2134 mutex_lock(&u
->readlock
);
2137 unix_state_unlock(sk
);
2141 skip
= sk_peek_offset(sk
, flags
);
2142 while (skip
>= skb
->len
) {
2145 skb
= skb_peek_next(skb
, &sk
->sk_receive_queue
);
2150 unix_state_unlock(sk
);
2153 /* Never glue messages from different writers */
2154 if ((UNIXCB(skb
).pid
!= siocb
->scm
->pid
) ||
2155 !uid_eq(UNIXCB(skb
).uid
, siocb
->scm
->creds
.uid
) ||
2156 !gid_eq(UNIXCB(skb
).gid
, siocb
->scm
->creds
.gid
))
2158 } else if (test_bit(SOCK_PASSCRED
, &sock
->flags
)) {
2159 /* Copy credentials */
2160 scm_set_cred(siocb
->scm
, UNIXCB(skb
).pid
, UNIXCB(skb
).uid
, UNIXCB(skb
).gid
);
2164 /* Copy address just once */
2166 unix_copy_addr(msg
, skb
->sk
);
2170 chunk
= min_t(unsigned int, skb
->len
- skip
, size
);
2171 if (memcpy_toiovec(msg
->msg_iov
, skb
->data
+ skip
, chunk
)) {
2179 /* Mark read part of skb as used */
2180 if (!(flags
& MSG_PEEK
)) {
2181 skb_pull(skb
, chunk
);
2183 sk_peek_offset_bwd(sk
, chunk
);
2186 unix_detach_fds(siocb
->scm
, skb
);
2191 skb_unlink(skb
, &sk
->sk_receive_queue
);
2197 /* It is questionable, see note in unix_dgram_recvmsg.
2200 siocb
->scm
->fp
= scm_fp_dup(UNIXCB(skb
).fp
);
2203 sk_peek_offset_fwd(sk
, chunk
);
2211 unix_state_lock(sk
);
2212 skb
= skb_peek_next(skb
, &sk
->sk_receive_queue
);
2215 unix_state_unlock(sk
);
2220 mutex_unlock(&u
->readlock
);
2221 scm_recv(sock
, msg
, siocb
->scm
, flags
);
2223 return copied
? : err
;
2226 static int unix_shutdown(struct socket
*sock
, int mode
)
2228 struct sock
*sk
= sock
->sk
;
2231 if (mode
< SHUT_RD
|| mode
> SHUT_RDWR
)
2234 * SHUT_RD (0) -> RCV_SHUTDOWN (1)
2235 * SHUT_WR (1) -> SEND_SHUTDOWN (2)
2236 * SHUT_RDWR (2) -> SHUTDOWN_MASK (3)
2240 unix_state_lock(sk
);
2241 sk
->sk_shutdown
|= mode
;
2242 other
= unix_peer(sk
);
2245 unix_state_unlock(sk
);
2246 sk
->sk_state_change(sk
);
2249 (sk
->sk_type
== SOCK_STREAM
|| sk
->sk_type
== SOCK_SEQPACKET
)) {
2253 if (mode
&RCV_SHUTDOWN
)
2254 peer_mode
|= SEND_SHUTDOWN
;
2255 if (mode
&SEND_SHUTDOWN
)
2256 peer_mode
|= RCV_SHUTDOWN
;
2257 unix_state_lock(other
);
2258 other
->sk_shutdown
|= peer_mode
;
2259 unix_state_unlock(other
);
2260 other
->sk_state_change(other
);
2261 if (peer_mode
== SHUTDOWN_MASK
)
2262 sk_wake_async(other
, SOCK_WAKE_WAITD
, POLL_HUP
);
2263 else if (peer_mode
& RCV_SHUTDOWN
)
2264 sk_wake_async(other
, SOCK_WAKE_WAITD
, POLL_IN
);
2272 long unix_inq_len(struct sock
*sk
)
2274 struct sk_buff
*skb
;
2277 if (sk
->sk_state
== TCP_LISTEN
)
2280 spin_lock(&sk
->sk_receive_queue
.lock
);
2281 if (sk
->sk_type
== SOCK_STREAM
||
2282 sk
->sk_type
== SOCK_SEQPACKET
) {
2283 skb_queue_walk(&sk
->sk_receive_queue
, skb
)
2286 skb
= skb_peek(&sk
->sk_receive_queue
);
2290 spin_unlock(&sk
->sk_receive_queue
.lock
);
2294 EXPORT_SYMBOL_GPL(unix_inq_len
);
2296 long unix_outq_len(struct sock
*sk
)
2298 return sk_wmem_alloc_get(sk
);
2300 EXPORT_SYMBOL_GPL(unix_outq_len
);
2302 static int unix_ioctl(struct socket
*sock
, unsigned int cmd
, unsigned long arg
)
2304 struct sock
*sk
= sock
->sk
;
2310 amount
= unix_outq_len(sk
);
2311 err
= put_user(amount
, (int __user
*)arg
);
2314 amount
= unix_inq_len(sk
);
2318 err
= put_user(amount
, (int __user
*)arg
);
2327 static unsigned int unix_poll(struct file
*file
, struct socket
*sock
, poll_table
*wait
)
2329 struct sock
*sk
= sock
->sk
;
2332 sock_poll_wait(file
, sk_sleep(sk
), wait
);
2335 /* exceptional events? */
2338 if (sk
->sk_shutdown
== SHUTDOWN_MASK
)
2340 if (sk
->sk_shutdown
& RCV_SHUTDOWN
)
2341 mask
|= POLLRDHUP
| POLLIN
| POLLRDNORM
;
2344 if (!skb_queue_empty(&sk
->sk_receive_queue
))
2345 mask
|= POLLIN
| POLLRDNORM
;
2347 /* Connection-based need to check for termination and startup */
2348 if ((sk
->sk_type
== SOCK_STREAM
|| sk
->sk_type
== SOCK_SEQPACKET
) &&
2349 sk
->sk_state
== TCP_CLOSE
)
2353 * we set writable also when the other side has shut down the
2354 * connection. This prevents stuck sockets.
2356 if (unix_writable(sk
))
2357 mask
|= POLLOUT
| POLLWRNORM
| POLLWRBAND
;
2362 static unsigned int unix_dgram_poll(struct file
*file
, struct socket
*sock
,
2365 struct sock
*sk
= sock
->sk
, *other
;
2366 unsigned int mask
, writable
;
2368 sock_poll_wait(file
, sk_sleep(sk
), wait
);
2371 /* exceptional events? */
2372 if (sk
->sk_err
|| !skb_queue_empty(&sk
->sk_error_queue
))
2374 (sock_flag(sk
, SOCK_SELECT_ERR_QUEUE
) ? POLLPRI
: 0);
2376 if (sk
->sk_shutdown
& RCV_SHUTDOWN
)
2377 mask
|= POLLRDHUP
| POLLIN
| POLLRDNORM
;
2378 if (sk
->sk_shutdown
== SHUTDOWN_MASK
)
2382 if (!skb_queue_empty(&sk
->sk_receive_queue
))
2383 mask
|= POLLIN
| POLLRDNORM
;
2385 /* Connection-based need to check for termination and startup */
2386 if (sk
->sk_type
== SOCK_SEQPACKET
) {
2387 if (sk
->sk_state
== TCP_CLOSE
)
2389 /* connection hasn't started yet? */
2390 if (sk
->sk_state
== TCP_SYN_SENT
)
2394 /* No write status requested, avoid expensive OUT tests. */
2395 if (!(poll_requested_events(wait
) & (POLLWRBAND
|POLLWRNORM
|POLLOUT
)))
2398 writable
= unix_writable(sk
);
2400 unix_state_lock(sk
);
2402 other
= unix_peer(sk
);
2403 if (other
&& unix_peer(other
) != sk
&&
2404 unix_recvq_full(other
) &&
2405 unix_dgram_peer_wake_me(sk
, other
))
2408 unix_state_unlock(sk
);
2412 mask
|= POLLOUT
| POLLWRNORM
| POLLWRBAND
;
2414 set_bit(SOCK_ASYNC_NOSPACE
, &sk
->sk_socket
->flags
);
2419 #ifdef CONFIG_PROC_FS
2421 #define BUCKET_SPACE (BITS_PER_LONG - (UNIX_HASH_BITS + 1) - 1)
2423 #define get_bucket(x) ((x) >> BUCKET_SPACE)
2424 #define get_offset(x) ((x) & ((1L << BUCKET_SPACE) - 1))
2425 #define set_bucket_offset(b, o) ((b) << BUCKET_SPACE | (o))
2427 static struct sock
*unix_from_bucket(struct seq_file
*seq
, loff_t
*pos
)
2429 unsigned long offset
= get_offset(*pos
);
2430 unsigned long bucket
= get_bucket(*pos
);
2432 unsigned long count
= 0;
2434 for (sk
= sk_head(&unix_socket_table
[bucket
]); sk
; sk
= sk_next(sk
)) {
2435 if (sock_net(sk
) != seq_file_net(seq
))
2437 if (++count
== offset
)
2444 static struct sock
*unix_next_socket(struct seq_file
*seq
,
2448 unsigned long bucket
;
2450 while (sk
> (struct sock
*)SEQ_START_TOKEN
) {
2454 if (sock_net(sk
) == seq_file_net(seq
))
2459 sk
= unix_from_bucket(seq
, pos
);
2464 bucket
= get_bucket(*pos
) + 1;
2465 *pos
= set_bucket_offset(bucket
, 1);
2466 } while (bucket
< ARRAY_SIZE(unix_socket_table
));
2471 static void *unix_seq_start(struct seq_file
*seq
, loff_t
*pos
)
2472 __acquires(unix_table_lock
)
2474 spin_lock(&unix_table_lock
);
2477 return SEQ_START_TOKEN
;
2479 if (get_bucket(*pos
) >= ARRAY_SIZE(unix_socket_table
))
2482 return unix_next_socket(seq
, NULL
, pos
);
2485 static void *unix_seq_next(struct seq_file
*seq
, void *v
, loff_t
*pos
)
2488 return unix_next_socket(seq
, v
, pos
);
2491 static void unix_seq_stop(struct seq_file
*seq
, void *v
)
2492 __releases(unix_table_lock
)
2494 spin_unlock(&unix_table_lock
);
2497 static int unix_seq_show(struct seq_file
*seq
, void *v
)
2500 if (v
== SEQ_START_TOKEN
)
2501 seq_puts(seq
, "Num RefCount Protocol Flags Type St "
2505 struct unix_sock
*u
= unix_sk(s
);
2508 seq_printf(seq
, "%pK: %08X %08X %08X %04X %02X %5lu",
2510 atomic_read(&s
->sk_refcnt
),
2512 s
->sk_state
== TCP_LISTEN
? __SO_ACCEPTCON
: 0,
2515 (s
->sk_state
== TCP_ESTABLISHED
? SS_CONNECTED
: SS_UNCONNECTED
) :
2516 (s
->sk_state
== TCP_ESTABLISHED
? SS_CONNECTING
: SS_DISCONNECTING
),
2524 len
= u
->addr
->len
- sizeof(short);
2525 if (!UNIX_ABSTRACT(s
))
2531 for ( ; i
< len
; i
++)
2532 seq_putc(seq
, u
->addr
->name
->sun_path
[i
]);
2534 unix_state_unlock(s
);
2535 seq_putc(seq
, '\n');
2541 static const struct seq_operations unix_seq_ops
= {
2542 .start
= unix_seq_start
,
2543 .next
= unix_seq_next
,
2544 .stop
= unix_seq_stop
,
2545 .show
= unix_seq_show
,
2548 static int unix_seq_open(struct inode
*inode
, struct file
*file
)
2550 return seq_open_net(inode
, file
, &unix_seq_ops
,
2551 sizeof(struct seq_net_private
));
2554 static const struct file_operations unix_seq_fops
= {
2555 .owner
= THIS_MODULE
,
2556 .open
= unix_seq_open
,
2558 .llseek
= seq_lseek
,
2559 .release
= seq_release_net
,
2564 static const struct net_proto_family unix_family_ops
= {
2566 .create
= unix_create
,
2567 .owner
= THIS_MODULE
,
2571 static int __net_init
unix_net_init(struct net
*net
)
2573 int error
= -ENOMEM
;
2575 net
->unx
.sysctl_max_dgram_qlen
= 10;
2576 if (unix_sysctl_register(net
))
2579 #ifdef CONFIG_PROC_FS
2580 if (!proc_create("unix", 0, net
->proc_net
, &unix_seq_fops
)) {
2581 unix_sysctl_unregister(net
);
2590 static void __net_exit
unix_net_exit(struct net
*net
)
2592 unix_sysctl_unregister(net
);
2593 remove_proc_entry("unix", net
->proc_net
);
2596 static struct pernet_operations unix_net_ops
= {
2597 .init
= unix_net_init
,
2598 .exit
= unix_net_exit
,
2601 static int __init
af_unix_init(void)
2605 BUILD_BUG_ON(sizeof(struct unix_skb_parms
) > FIELD_SIZEOF(struct sk_buff
, cb
));
2607 rc
= proto_register(&unix_proto
, 1);
2609 printk(KERN_CRIT
"%s: Cannot create unix_sock SLAB cache!\n",
2614 sock_register(&unix_family_ops
);
2615 register_pernet_subsys(&unix_net_ops
);
2620 static void __exit
af_unix_exit(void)
2622 sock_unregister(PF_UNIX
);
2623 proto_unregister(&unix_proto
);
2624 unregister_pernet_subsys(&unix_net_ops
);
2627 /* Earlier than device_initcall() so that other drivers invoking
2628 request_module() don't end up in a loop when modprobe tries
2629 to use a UNIX socket. But later than subsys_initcall() because
2630 we depend on stuff initialised there */
2631 fs_initcall(af_unix_init
);
2632 module_exit(af_unix_exit
);
2634 MODULE_LICENSE("GPL");
2635 MODULE_ALIAS_NETPROTO(PF_UNIX
);